FIG. 1 (block diagram)

Box labels: SYSTEM ADMINISTRATOR; USER; WORK STATION (appears twice); TARGET APPLICATION; 3RD PARTY WEB SERVER; NETWORK (INTERNET); SERVER PROGRAMMED FOR GENERIC TOKEN-BASED AUTHENTICATION; AUTHENTICATION MODULE CONTROLLER; ADMINISTRATIVE APPLICATION; AUTHENTICATION MODULES; BUSINESS LOGIC LAYER; LDAP INTERFACE; DATA CACHE; CENTRALIZED AUTHENTICATION SYSTEM (LDAP); DATABASE (CONFIGURATION INFORMATION)

Reference numerals: 19, 21, 22, 23, 24, 25, 26, 27, 28, 30, 32, 33, 34



FIG. 3 (flowchart)

51: INCOMING USER ACCESSES A URL AT THE 3RD PARTY APPLICATION SITE

52: 3RD PARTY APPLICATION RECOGNIZES THAT THE INCOMING USER IS FROM AN ORGANIZATION THAT REQUIRES A SECURE TOKEN FROM THE USER'S ORGANIZATION RATHER THAN A DIRECT LOGON, AND REDIRECTS THE NEW USER TO THE AUTHENTICATION MODULE SITE, OPTIONALLY PASSING SOME PARAMETERS IN THE URL

53: THE AUTHENTICATION MODULE CONTROLLER RECEIVES THE REDIRECTED USER REQUEST, WHICH CONTAINS AN APPLICATION NAME. THE CONTROLLER LOOKS UP THE APPLICATION'S AUTHENTICATION MODULE CONFIGURATION INFORMATION IN THE DATA CACHE, AND GETS A READ-ONLY COPY OF THE CONFIGURATION INFORMATION.

54: THE AUTHENTICATION MODULE CONTROLLER READS THE CONFIGURATION INFORMATION TO SEE WHAT INCOMING PARAMETERS IT SHOULD RETRIEVE, AND IT RETRIEVES THEM




FIG. 4 (flowchart, continued)

55: THE CONTROLLER GETS THE MESSAGE RESOURCES FOR THE APPLICATION'S AUTHENTICATION MODULE, AND SETS IT SO THAT THE PROPER LANGUAGE GETS DISPLAYED TO THE USER IN A FORM

56: ONCE THE USER ENTERS ITS NAME IN THE FORM, THE CONTROLLER VALIDATES THE USER IN THE DIRECTORY (LDAP OR OTHER). IT THEN READS THE CONFIGURATION TO SEE WHAT PARAMETERS SHOULD BE SENT BACK TO THE 3RD PARTY APPLICATION. IF A TOKEN IS NEEDED, THEN IT IS CONSTRUCTED AND ENCRYPTED.

57: THE CONTROLLER REDIRECTS THE USER, ALONG WITH ANY PARAMETERS, BACK TO THE 3RD PARTY APPLICATION

END



